Tuesday | 7 July, 2009
CSO
Ouch! Security pros' worst mistakes
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the process
Bill Brenner (CSO (US)) 04/09/2008 08:05:00
Page:

"[But] with all the hustle and bustle happening, customer projects and service deadlines, we got caught up in other 'to-dos' and didn't complete our changes to comply with our new policies. Of course, the possibility of losing all your data, equipment and PCs is a huge concern, so revising our backup scheme should have been (and was) a priority. But the customer projects were more in our faces and they got the attention first.

"A couple of weeks later, the unthinkable happened. We had a fire AND a flood in the office. The fire, which was started in an unused portion of the old warehouse above our space, caused the sprinklers to go off. And there were lots of them. It might have been okay, but the sprinklers didn't stop. The water flooded into our office space. Ceiling tiles came crashing down and the floor was covered with 8 inches of water, burnt chunks of wood were falling through and just about every piece of equipment was ruined. It was Easter Saturday. I'll never forget the call that morning, or the feeling I had when I walked into the dark water-logged building. It was such a mess.

"My first two thoughts were how would we ever clean all this up and where was our data. As we started the cleanup process, I had other thoughts: How do we secure our printed records while the clean-up crew is here? How will we document and destroy all these ruined records? And still, where is our data? We had water, sogginess and mildew to contend with so the cleanup process was much more involved than I could imagine. Security was a priority for us, and the whole team was on board to ensure everything was handled properly. We successfully sequestered sensitive paperwork in a locked facility, waited for it to dry, and then had it destroyed.

"We were lucky. Our primary server room remained unscathed, our servers, backups and main networking equipment was all intact (and dry). As you can imagine, after the clean-up the what-ifs started flying through our heads. What if the server room had been destroyed? In our case, the previous incarnation of our backup procedures would have saved us. Our critical data was indeed secured at an off-site location, but in its current state, it would have made maintaining business continuity a much slower process."

THE LESSON

"The most important lesson is this: Never displace your organization's business priorities with day-to-day 'emergencies.' You never know when something incredibly unexpected will occur."

Page:

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Add to Google
Additional Resources
Newsletter Subscription
Sign up for our CSO Online newsletters!
RSS Feeds
Syndicate content
 
Get a job Careerone
Whitepaper


Read Whitepaper

Reducing the risk of insider abuse

The potential for insider abuse can never be eliminated completely, but the steps outlined in this white paper can reduce the potential for such abuse. Read on to ensure no one person can alter your operations to their personal advantage or to the detriment of your organisation.

Sponsored Links